It's exciting. Does the server line (client side) support 0-RTT?

On Mon, Oct 2, 2017 at 11:18 PM, Olivier Houchard <[email protected]> wrote:
> Hi,
>
> The attached patches add experimental support for 0-RTT with OpenSSL 1.1.1.
> They are based on Emmanuel's previous patches, so I'm submitting them again,
> updated to reflect the changes in OpenSSL API, and with a few fixes.
> To allow the use of early data, one has to explicitly add "allow-0rtt" to
> its bind line. If early data are provided by the client, a
> "Early-Data: 1" header will be added, to let the origin server know that.
>
> Because early data have security implications, a new sample fetch was added,
> "ssl_fc_has_early", a boolean that will be evaluated to true if early data
> were provided, as well as a new action, "wait-for-handshake", which will make
> haproxy wait for the completion of the SSL handshake before processing the
> request. After the handshake, early data are considered as normal data, and
> they won't be reported to the origin server.
>
> As usual, bugs are to be expected, and any review and/or test will be
> appreciated.
>
> Regards,
>
> Olivier
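
A configuration fragment showing how the three pieces named in the quoted message fit together, added here as an illustration and not taken from the patches themselves. It assumes the `http-request wait-for-handshake` rule form and the anonymous-ACL syntax of released HAProxy versions; the section names, certificate path and server address are placeholders.

```haproxy
# Added example, not part of the patch series. fe_tls, be_app, the
# certificate path and the server address are placeholders.
frontend fe_tls
    mode http

    # Early data is accepted only because allow-0rtt is present on
    # this bind line; without it the listener behaves as before.
    bind :443 ssl crt /etc/haproxy/certs/site.pem allow-0rtt

    # Early data can be replayed by anyone who recorded the client's
    # first flight, so only requests without side effects should be
    # processed before the handshake has completed.
    acl safe_method method GET HEAD OPTIONS

    # ssl_fc_has_early is true while the request arrived as early
    # data. Anything that is not a safe method is held until the
    # handshake finishes, after which it is treated as normal data.
    http-request wait-for-handshake if { ssl_fc_has_early } !safe_method

    default_backend be_app

backend be_app
    mode http
    # Safe-method requests forwarded while still early carry the
    # "Early-Data: 1" header, so the origin can apply its own replay
    # policy. Requests that waited for the handshake do not carry it.
    server app1 192.0.2.10:8080
```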
